China Academy of Information and Communications Technology (CAICT) and China Communications Standardization Association (CCSA) held 2017 Big Data Industry Summit on March 28 and 29 instructed by the Ministry of Industry and Information Technology of PRC.

During the summit experts reported on big data sharing, open and protection and other issues. “Big Data Industry Development Plan (2016-2020)” was expounded by the summit. Meanwhile, CAICT announced the results of data flow testing, trusted application store evaluation, big data product evaluation. China Telecom Co., Ltd. cloud computing branch (中国电信股份有限公司云计算分公司) and other six companies become the first batch companies which have passed the data flow testing. Other six companies’ products such as “360 mobile assistant “were awarded a trusted application store certificate.

Here are some highlights conveyed in the summit:

  1. Big data industry in China is currently based on the Cyber Security Law for the management requirements. There are no specific regulatory guidelines at present.
  2. CAICT has proposed a cross-border data flow assessment policy, covering elements such as size of the data, type of data, legal protection level in the receiving countries, and bilateral relations with such receiving countries.
  3. Data for key industries can be regularly assessed by the government to determine whether cross-border or conditional cross-border transfer is allowed.
  4. The principle of authorization includes the user’s direct consent or indirect consent, and it is recommended that different assignments be classified and the authorization process should be clearly defined.
  5. It is recommended to provide clearer guidance in order to achieve the true data desensitization through a standard for data output patterns and data desensitization requirements. It is advisable to have an ex post supervision (instead of a pre-approval system) or third party evaluations and improve the corresponding standard mechanism. Meanwhile, it is recommended that there should be a corresponding emergency mechanism and a reasonable risk compensation mechanism.